Joi Ito's Web

Joi Ito's conversation with the living web.

WiFi eyes better wireless LAN security

By Stephen Lawson
October 30, 2002 11:37 am PT

THE WIRELESS ETHERNET Compatibility Alliance (WECA), which certifies IEEE 802.11 wireless LAN products with the WiFi label, on Thursday will announce a new set of mechanisms to combat the security problem that has plagued wireless LANs.

A WECA official did not provide details of the mechanisms but said they are intended to replace the current security system based on WEP (Wireless Encryption Protocol).

WEP, which is built in to products that use the IEEE 802.11b and 802.11a standards, is easy for intruders to break into, according to many analysts and other observers. A task group within the working group that administers 802.11 in the Institute of Electrical and Electronic Engineers Inc. (IEEE) is developing a new security specification that would require equipment to support several different strong algorithms for encrypting traffic. That work is not done yet, and products using it are not expected until the second half of next year.

Duh... This is a pretty big problem. People think that having a WEP key is actually secure. You can crack normal WEP keys in a few minutes by sniffing traffic and using programs such as wepcrack, which is available on the web. There are some chipsets out that have better security, but most of the APs we all use are completely vulnerable. On the other hand, if you aren't worried about people hijacking traffic and if you encrypt everything you do internally, you're fine. Just don't for a moment think that just because you set a WEP key that you're secure. (Kudos to Chris for telling me about wepcrack. ;-) )

1 Comment

Remember that WEP not only provides the confidentiality services (encrypting over-the-air traffic), but also network access control (authentication). Thus people may also use your AP without your permission (e.g. you may have heard of "drive-by spamming" which I find a lot cooler than war driving, as far as nomenclature is concerned).


3 TrackBacks

Listed below are links to blogs that reference this entry: W-Fi Security?.

Joi Ito mentions that WECA are about to announce a new set of mechanisms to address the vulnerabilities in wireless

Mine isn't. You can drive to my office parking lot, get on the network, and download everything from our public file sharing server. You can also surf the web at T1 speeds. You'll need to know where my office is though! Obviously you can't rely on...